Coronavirus (COVID-19) Update

/in /by

The March issue of the Advisor® included information on COVID-19.  You are encouraged to read the article on page 4 of the March issue to obtain information on signs and symptoms, prevention, and coordination with public health departments.  OSHA does not have a Standard for COVID-19 at this time, but has released guidance, and also refers to the Centers for Disease Control and Prevention (CDC) guidance.  The main CDC web page providing coronavirus guidance can be found here:

https://www.cdc.gov/coronavirus/2019-ncov/index.html

The virus has been named “SARS-CoV-2,” and the disease it causes has been named “coronavirus disease 2019” (COVID-19).  SARS-CoV has been found to cause severe illness in some people, although the complete clinical picture is not yet fully understood. Reported illnesses have ranged from mild to severe, including illness resulting in death. Although current data suggests that most COVID-19 illness is mild, data out of China suggests serious illness occurs in 16% of cases. Older people and people with certain underlying health conditions like heart disease, lung disease and diabetes, for example, seem to be at greater risk of serious illness.

As of March 12, 2020, the virus was confirmed in 43 states and District of Columbia, with 1,215 confirmed cases and 36 deaths in the US.  Testing is just now beginning at the local public health department level in some areas, so those numbers are expected to rise rapidly.  There is evidence of person-to-person transmission of COVID-19 in the US in at least 29 cases as of 3/9/2020.  The CDC will be updating numbers regularly at noon Mondays through Fridays here:  https://www.cdc.gov/coronavirus/2019-ncov/cases-in-us.html.  

Precautions

Appropriate hand hygiene, cough etiquette, social distancing, and reducing face-to-face contact with potential COVID-19 cases are needed to slow disease transmission and reduce the number of people who get sick.  If you are a subscriber to the Custom Safety Program, refer to Influenza Safety policies in Section 1.35 through 1.49.  These policies, when followed, will also help to reduce transmission of COVID-19.  For staff awareness and training, refer back to the Influenza Safety training from the September 2019 issue of the Advisor® if you have not recently conducted training.

If you find yourself in an area with an outbreak of COVID-19, consult with local public health departments for assistance and coordination, and follow the CDC guidance for healthcare facilities at the following URL:

https://www.cdc.gov/coronavirus/2019-ncov/healthcare-facilities/guidance-hcf.html

Patient Screening and Management

Screen patients and visitors for symptoms of acute respiratory illness (e.g., fever, cough, difficulty breathing) before entering your healthcare facility.  Place a facemask on suspected/confirmed patients and isolate them in an Airborne Infection Isolation Room (AIIR) if available.  Expedite treatment and disinfect exam rooms/operatories after the patient leaves the facility.

  • Provide visual alerts (signs, posters) at entrances and in strategic places providing instruction on hand hygiene, respiratory hygiene, and cough etiquette.
  • Ensure supplies are available (tissues, waste receptacles, alcohol-based hand sanitizer)
  • Facemasks should be available at triage for patients with respiratory symptoms.
  • If possible, create an area for spatially separating patients with respiratory symptoms. Ideally patients would be >6 feet apart in waiting areas.

We will continue to provide further updates and guidance on COVID-19 as the situation develops.

Update:

OSHA has just released guidance for workplaces on preparing for COVID-19.  See the link below:
https://www.osha.gov/Publications/OSHA3990.pdf

HiQ Services, LLC and Eagle Associates, Inc. Announce Partnership

/in /by

Jan. 24, 2020 – Charlotte, NC – HiQ Services, LLC and Eagle Associates, Inc. are pleased to announce a partnership in which Eagle Associates will provide its HIPAA Compliance and Security Risk Analysis solutions to complement HiQ’s MIPS Essentials services. 

Eagle Associates has been providing compliance assistance to practices throughout the country for over 30 years, providing inclusive compliance services that require minimal time and effort for a practice to implement. Ongoing customer support is what has set Eagle Associates apart from its competitors.

HiQ was founded in 2019 to help small and large practices succeed with MIPS, MACRA & QPP across a wide range of medical specialties. HiQ’s MIPS Essentials Gold package will include HIPAA Compliance and Security Risk Analysis services provided by Eagle Associates; the Security Risk Analysis Package will also be offered via the HiQ MIPS a la Carte services.

HiQ’s President, Mike Schmidt commented: “HiQ is honored to have such a recognized industry leader as Eagle Associates as our partner. We believe that the great majority of small practices are at risk for HIPAA compliance as well as for MIPS audits with regards to their Security Risk Analysis. We look forward to working closely with Eagle Associates to provide an optimized solution for small and large practices alike.”

Eagle Associates, Inc. Vice President Jennifer Cosey shared: “Eagle Associates is pleased to partner with HiQ.  The executives at HiQ are experienced, knowledgeable industry insiders who care about customer service and client satisfaction.  We are happy to share a valued resource with clients who have a need for MIPS consulting.  They will find outstanding assistance and expertise at their fingertips with HiQ.

To find out more, please visit www.hiq-services.com or www.eagleassociates.net

Emergency Directive to Mitigate Windows Vulnerabilities

/in /by

The Office for Civil Rights (OCR) is the entity that enforces HIPAA regulations.  In partnership with the Cybersecurity and Infrastructure Security Agency (CISA) and the Division of Critical Infrastructure Protection (CIP), the OCR has shared a directive regarding critical Windows vulnerabilities that need to be addressed as soon as possible.  Although the directive is mandatory for Federal entities, OCR strongly recommends that all healthcare and public health sector entities also consider patching their environments as soon as they are able.

Eagle Associates highly recommends patching as soon as possible to protect your networks/devices from malware and other activity that would cause considerable disruption and expense.  We advise that you work with your IT staff/vendor to implement the patches, because healthcare entities are attractive targets for malware, due to the value and sensitive nature of PHI.  In addition, you could be the subject of investigation and enforcement action if it was found that you didn’t take reasonable steps to mitigate known risks, such as this vulnerability.

Please read the full directive for complete details, but among the vulnerabilities patched were weaknesses in how Windows validates Elliptic Curve Cryptography (ECC) certificates and how Windows handles connection requests in the Remote Desktop Protocol (RDP) server and client.  The vulnerabilities affect all supported versions of Windows (including Windows 10, Windows Server 2012 etc.), and other related products as follows:

  • Internet Explorer
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ASP.NET Core
  • .NET Core
  • .NET Framework
  • OneDrive for Android
  • Microsoft Dynamics

You can read the directive here: https://cyber.dhs.gov/ed/20-02/

The Microsoft patch information can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jan

TB Skin Test Antigen Shortage Resolved

/in /by

In June 2019, Par Pharmaceutical Companies, Inc. reported that Tuberculin, Purified Protein Derivative Aplisol® was expected to be in limited supply for 3-10 months. The CDC had not modified its recommendations for baseline TB testing due to the shortage. However, serial TB testing schedules were recommended to be modified in settings with a low likelihood of TB exposure. The shortage has since been resolved. Normal TB testing schedules may be resumed without the need to substitute Tubersol® or an interferon-gamma release assay (IGRA) blood test.

HIPAA Security Emphasis

/in /by

Prior to the end of support of Windows 7 in January 2020, many covered entities are still working to upgrade their operating system to Windows 10. We have published an article in the October issue of the Advisor® that warns of some documented security vulnerabilities within Windows 10 that must be considered in properly configuring the newer operating system. Following is a link to a whitepaper for proper configuration of Windows 10 (that was issued jointly by Microsoft and HIPAAOne) that you may share with your IT vendor or personnel: https://www.hipaaone.com/wp-content/uploads/2019/06/HIPAA-Compliance-Microsoft-Windows-10.pdf

In addition, the article describes two aspects of a Security Risk Analysis that HHS has recently emphasized. The first is in regard to an asset listing, which is generally addressed in contingency planning. While this list may be helpful in rebuilding the network/information system following a disaster, HHS emphasizes that the listing should first serve as a thorough inventory of all devices that receive, store or transmit EPHI so that appropriate security measures can be considered for each. And lastly, an asset listing will help practices with multiple locations track the location of devices.

The second item of emphasis is a recommendation from HHS that covered entities establish a business associate listing. It is recommended that any time the services of a new vendor are engaged, the practice determine whether the vendor will qualify as a business associate. If so, the business associate should be recorded in a listing, along with contact information and a description of the services the BA provides. A Business Associate Agreement must be established with such entities prior to providing access to or sending the BA any protected health information. When a covered entity is audited by the Office for Civil Rights, a business associate listing will be requested. Establishing the list prior to an audit will ensure that your practice is able to respond quickly and confidently to the request.

Please see the article in the October 2019 Advisor® for more details.

Nationwide Shortage of TB Skin Test Antigens

/in /by

There is an update to this article, available here

The Centers for Disease Control and Prevention (CDC) has issued an alert concerning a shortage of Aplisol®, one of two purified-protein derivative (PPD) tuberculin antigens that are licensed by the FDA for use in performing tuberculin skin tests. Par Pharmaceuticals notified CDC that they expect a 3 to 10-month nationwide shortage of the product, but this is only an estimate and is subject to change.

The CDC advises:

In settings with a low likelihood of TB exposure, the deferment of routine serial testing should be considered in consultation with public health and occupational health authorities. Annual TB testing of healthcare personnel is not recommended unless there is known exposure or ongoing transmission.

To accomplish baseline TB testing, or if testing becomes necessary in response to a known exposure to TB disease, Tubersol® may be substituted for Aplisol®, or an interferon-gamma release assay (IGRA) blood test may be used instead. Allocation of TSTs should be prioritized in consultation with state and local public health authorities. 

To monitor the status of this supply interruption, you may visit FDA’s Center for Biologics Evaluation and Research (CBER)-regulated products: current shortages webpage:  https://www.fda.gov/vaccines-blood-biologics/safety-availability-biologics/cber-regulated-products-current-shortages